The present invention relates generally to communication of messages over networks, and more particularly to communication of messages between sender and receiver computers in dependence on authentication of receiver passwords by a server system.
Secure communication of message data between sender and receiver computers via potentially insecure networks can be achieved using a standard PKI (public key infrastructure). PKI-based messaging requires the receiver to store a (high-entropy) secret key. Senders need to know the corresponding public key for that receiver. This public key is used for message encryption whereby only the correct receiver, with the corresponding secret key, can decrypt the message. Public keys are authenticated via certificates issued by a certification authority. These certificates are expensive for users and require appropriate management, e.g. to accommodate revocation.
In the absence of a PKI, secure communication of messages between sender and receiver computers over insecure networks is problematic. The task becomes even more difficult if neither the receiver nor the sender has any cryptographic key material, such as PGP (Pretty Good Privacy) keys, of their own. The standard procedure for message communication is to use an additional server, e.g., a file host or e-mail server, which receives and stores the message data from a sender. The sender then sends a link to the receiver, who uses the link to download the message from the server. If the message is not encrypted, the server can see the message data. Clearly this is not acceptable if the data is sensitive. Simply encrypting the message (e.g. an e-mail) with a strong cryptographic key is also problematic, since then the key has to be sent to the receiver, i.e., the problem has only been shifted to secure communication of the key. One can of course use a password to encrypt the message, but passwords typically have low entropy and are vulnerable to brute-force attacks. One must therefore assume that a corrupt server learns both the password and all message data sent using the password. Current schemes which do provide some security when passwords are used all have one very important weakness: the password has to be exchanged in advance. This requires that the sender and receiver have established a secure (i.e., private) channel beforehand, which may not always be feasible, e.g., for e-mails. Such schemes also assume that the sender chooses the password and transmits a message only once with this password. This is a considerable inconvenience and is unrealistic for many applications, e.g. e-mails, where senders may wish to send more than one message to a receiver.
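The following is an added illustration, not code from the patent, of the point made above about password-encrypted messages: even when the password is stretched into a 256-bit key by a slow key-derivation function, a party holding the stored ciphertext (the server in the scenario above) is limited only by the entropy of the password, not by the length of the derived key. The cipher is a toy construction from Python's standard library (scrypt for key derivation, an HMAC-SHA256 counter keystream, and an HMAC tag for integrity); the message and candidate passwords are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

# Constructed sample message (not from the document).
SAMPLE_MESSAGE = b"Q3 financial summary: revenue up 4%, see attached."

SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a password into a 32-byte key with scrypt.
    The work factor slows each guess but adds no entropy beyond the password's."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the one scrypt output.
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def encrypt(password: str, plaintext: bytes) -> bytes:
    """Password-based authenticated encryption: salt || nonce || ciphertext || tag."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = _subkeys(derive_key(password, salt))
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def decrypt(password: str, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the password is wrong or the blob was tampered with."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(derive_key(password, salt))
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def guesses_until_recovered(blob: bytes, candidates: List[str]) -> Optional[int]:
    """Model the corrupt server of the text: it holds the blob offline and tries
    candidate passwords. The returned count (number of KDF evaluations needed)
    is the entire security margin of the scheme, regardless of the 256-bit key."""
    for attempt, guess in enumerate(candidates, start=1):
        if decrypt(guess, blob) is not None:
            return attempt
    return None


if __name__ == "__main__":
    blob = encrypt("winter2024", SAMPLE_MESSAGE)
    print("round trip ok:", decrypt("winter2024", blob) == SAMPLE_MESSAGE)
    print("wrong password rejected:", decrypt("Winter2024", blob) is None)
    # Constructed guess list standing in for a corrupt server's dictionary.
    print("guesses needed:", guesses_until_recovered(blob, ["password", "letmein", "winter2024"]))
```

The point of `guesses_until_recovered` is the one the text draws: once the server can test guesses offline against the stored blob, the scrypt cost only multiplies the attacker's work by a constant, so a password chosen from a small human-memorable space is recovered after a correspondingly small number of derivations, and the design must assume the server learns both the password and every message protected by it.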